User:Shawndouglas/sandbox/sublevel1
Gartner defines a managed security service provider (MSSP) as an entity that "provides outsourced monitoring and management of security devices and systems," including "managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services."[1] Gartner continues, noting that MSSPs run their security operations through their own or third-party data centers in order to provide an "always available" service, with the ultimate intent of reducing "the number of operational security personnel an enterprise needs to hire, train, and retain to maintain an acceptable security posture."[1] In addition to reducing personnel requirements, turning to an MSSP may also improve an organization's overall security competency and reduce its technological complexity burdens.[2][3]
One perceived downside to this approach may be the added risk of placing access to sensitive data in the hands of a third party, and indeed, there may be a few unique situations where it makes the most sense to keep security operations in-house.[4] However, this perceived downside largely comes down to a question of the trust you place in the MSSP. As was discussed in previous chapters, many cloud service providers (CSPs) recognize the importance of supporting the element of trust associated with their services, as witnessed by their trust centers and associated documentation and certifications, particularly those related to the management of sensitive data. This element of trust is also baked into the service level agreement (SLA) provided by the CSP.[4] In the end, just as with a CSP, the level of trust you place in an MSSP will largely be based upon your business's approach to both vetting them and determining the level of accepted risk should the MSSP not be able to meet your every requirement. (These aspects are discussed in further detail in the following chapter.)
5.1.1 Managed security services in the cloud
Just as turning to a CSP's infrastructure as a service (IaaS) offloads much of the responsibility for supporting IT infrastructure to someone else, you can also offload a significant portion of the responsibility for supporting cloud security to someone else. In this arrangement, the vendor of managed security services (MSS), whether it's the CSP itself or a third-party cloud-friendly MSSP, manages cloud-based security aspects such as vulnerability testing, intrusion detection, firewall management, virtual private network (VPN) management, security reporting, and technical support for your cloud implementation. As a result, most of your internal IT staff can be freed to focus on other aspects of the business's IT infrastructure and operational developments.
But turning to MSS for your cloud implementation should be about more than just staffing relief. Outsourcing security services may also have other perceived benefits to an organization, such as gaining operational and financial efficiency, increasing service availability, and avoiding technological obsolescence.[5] To be sure, managing cybersecurity in the cloud is both vital to and difficult for the average organization, particularly small organizations like independent laboratories with constrained budgets. Managing the physical and cybersecurity complexities associated with the likes of the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) can be daunting, particularly given a lack of sufficient in-house expertise. Throw hybrid and multicloud deployments into the mix, and you suddenly require even more in-house expertise for development in public cloud environments like AWS and Microsoft Azure. When also considering that traditional on-premises IT security experience is not enough to manage cloud implementations, it's not difficult to imagine a scenario where an inexperienced IT staff could misconfigure a network security setting and compromise sensitive data within a cloud implementation.[4]
An optimally run set of managed security services by a knowledgeable and experienced organization able to offer and stick to clear, legally defensible service level agreements and information governance mechanisms[6][7] makes sense for organizations without the necessary technical expertise and with significant liability should something go wrong. The complexities of running secure operations in the cloud only increase the importance of such an MSSP. Such a provider is able to[8]:
- monitor for, identify, assess, and react to vulnerabilities, intrusions, and other threats;
- audit, adjust, and patch native security settings;
- improve encryption, firewall, and anti-malware mechanisms;
- manage and secure connected devices;
- manage and improve identity access management; and
- provide detailed reports about the state of organizational infrastructure.
References
- [1] "Managed Security Service Provider (MSSP)". Gartner Glossary. Gartner, Inc. https://www.gartner.com/en/information-technology/glossary/mssp-managed-security-service-provider. Retrieved 21 August 2021.
- [2] "Managed security services (MSS)". IBM. https://www.ibm.com/security/services/managed-security-services. Retrieved 21 August 2021.
- [3] "The REAL Benefits of a Managed Security Service Provider (MSSP)". SecureOPS. 26 August 2020. https://secureops.com/2020/08/26/the-real-benefits-of-an-mssp/. Retrieved 21 August 2021.
- [4] "How Managed Cloud Security Works, and Why You Might Want It". Trianz. 29 March 2021. https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works. Retrieved 21 August 2021.
- [5] Federal Financial Institutions Examination Council (June 2004). "Outsourcing Technology Services" (PDF). FFIEC. https://ithandbook.ffiec.gov/media/274841/ffiec_itbooklet_outsourcingtechnologyservices.pdf. Retrieved 21 August 2021.
- [6] Smallwood, R.F. (2014). "Chapter 1: The Onslaught of Big Data and the Information Governance Imperative". Information Governance: Concepts, Strategies, and Best Practices. Wiley. pp. 3–13. ISBN 9781118218303.
- [7] O'Neill, S. (22 October 2015). "Information Governance: A Principled Framework". Daymark Blog. https://www.daymarksi.com/information-technology-navigator-blog/information-governance-a-principled-framework. Retrieved 21 August 2021.
- [8] Dotson, C. (2019). "Chapter 7: Detecting, Responding to, and Recovering from Security Incidents". Practical Cloud Security: A Guide for Secure Design and Deployment. O'Reilly Media. pp. 139–71. ISBN 9781492037514.